Server Security 1y535h
For Linux s 4i3k2s
Never run your server as root because this can make your whole system vulnerable!
- CS2D crashes (or stops processing net requests) when it receives empty UDP packets. Use this IP-Tables rule to block empty packages:
iptables -A INPUT -p udp -m length --length 0:28 -j DROP--length 0:28 selects packets with a length of 0 to 28 bytes. 28 bytes is the UDP header size. Packets with a size of 28 bytes consist of header only and have no payload. CS2D does not use empty UDP packets but other apps might do so. In such a case you should limit the rule to the port(s) you are using for CS2D servers.
Important Settings 1w2f1c
The most important settings for server security: 13m5o
- banusgn to ban these guys.
- sv_: The of your server. You should choose a long with letters and numbers if you don't want random people to . Otherwise keep it empty.
- mp_maxrconfails. It tells the game how often people are allowed to fail while logging in. Further attempts will be ignored. The default is 5 attempts which should be okay for most servers.
- mp_kickpercent: Controls how many votes are required to votekick players. Default is 0.66 = 66% of all players in the same team.
- mp_maxclientsip: How many players with the same IP are allowed on your server? Default is 5. You have to increase this value if many people from within the same network want to . Set it to 1 if you have problems with -flooders and fake players that have the same IP.
- mp_floodprot: This is a primitive attack protection against DoS (denial of service) attacks from one single source. Your server will cease to respond to UDP packet flooders automatically when this setting is enabled. Make sure that it is set to 1 (activated). You normally never have to disable this protection!
- sv_rcons!
- mp_reservations or Lua scripts that use the U.S.G.N. ID. It will make sure that the U.S.G.N. ID of players is correct before it allows them to .
- There is more: Full list of all security related CS2D settings
External Remote Control (RCon) 231z5m
External RCon is allowed as soon as you set an RCon . It allows to control your server without ing it. This can be done over a serverlist context menu or 3rd party tools. External RCon can be a risk because it sends your RCon unencrypted. It is recommended to always use sv_rcons which restricts RCon access and automatically disables external RCon as well.
Check your Logs 606v3i
Strange things happen on your server? Check the log files! You can find all your log files in sys/logs/ in your CS2D folder.